SynoLocker™Automated Decryption ServiceAll important files on this NAS have been encrypted using strong cryptography

List of encrypted files available here.Follow these simple steps if files recovery is needed:1. Download and install Tor Browser.2. Open Tor Browser and visit http://cypherxffttr7hho.onion. This link works only with the Tor Browser.3. Login with your identification code to get further instructions on how to get a decryption key.4. Your identification code is - (also visible here).5. Follow the instructions on the decryption page once a valid decryption key has been acquired.

"When trying to access DSM, it displays the following message 'All important files on this NAS have been encrypted using strong cryptography', in addition to instructions for paying a fee to unlock your data.

"What should you do? If you are seeing this message when trying to login to DSM:

"1) Power off the DiskStation immediately to avoid more files being encrypted

"2) Contact our Support team so we can investigate further. If you are in doubt as to whether your DiskStation may be affected, please don't hesitate to contact us at security@synology.com

"We apologise for any issue this has created, we will keep you updated with latest information as we address this issue. Our support team can be reached here."

1. Shut down the NAS2. Remove all the hard drives from the NAS3. Find a spare hard drive that you will not mind wiping and insert it into the NAS4. Use Synology Assistant to find the NAS and install the latest DSM onto this spare hard drive (use the latest DSM_file.pat from Synology) 5. When the DSM is fully running on this spare hard drive, shut down the NAS from the web management console.6. Remove the spare drive and insert ALL your original drives.7. Power up the NAS and wait patiently. If all goes well after about a minute you will hear a long beep and the NAS will come online.8. Use Synology Assistant to find the NAS. It should now be visible with the status "migratable".9. From Synology Assistant choose to install DSM to the NAS, use the same file you used in step 4 and specify the same name and IP address as it was before the crash.10. Because the NAS is recognized as "migratable", the DSM installation will NOT wipe out the data on either the system partition nor the data partition.11. After a few minutes, the installation will finish and you will be able to log in to your NAS with your original credentials.

Synology® Continues to Encourage Users to UpdateWashington, Bellevue—August 5th, 2014 —We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers.We are fully dedicated to investigating this issue and possible solutions. Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. Furthermore, to prevent spread of the issue we have only enabled QuickConnect and Synology DDNS service to secure versions of DSM. At present, we have not observed this vulnerability in DSM 5.0.For Synology NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, we recommend they shutdown their system and contact our technical support team here: https://myds.synology.com/support/support_form.phpWhen attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.A process called “synosync” is running in Resource Monitor.DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:For DSM 4.3, please install DSM 4.3-3827 or laterFor DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or laterFor DSM 4.0, please install DSM 4.0-2259 or laterDSM can be updated by going to Control Panel > DSM Update. Users can also manually download and install the latest version from our Download Center here: http://www.synology.com/support/download.If users notice any strange behavior or suspect their Synology NAS server has been affected by the above issue, we encourage them to contact us at security@synology.com.We sincerely apologize for any problems or inconvenience this issue has caused our users. We will keep you updated with the latest information as we address this issue.

We would like to inform you that a ransomware called "SynoLocker" is currently affecting some Synology NAS users. This ransomware locks down affected servers, encrypts users’ files, and demands a fee to regain access to the encrypted files.We have confirmed that the ransomware only affects Synology NAS servers running older versions of DiskStation Manager by exploiting a security vulnerability that was fixed and patched in December, 2013.

Affected users may encounter the following symptoms:

When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.Abnormally high CPU usage or a running process called “synosync” (which can be checked at Main Menu > Resource Monitor).DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at Control Panel > DSM Update.If you have encountered the above symptoms, please shutdown the system immediately and contact our technical support here: https://myds.synology.com/support/support_form.php

If you have not encountered the above symptoms, we strongly recommend downloading and installing DSM 5.0, or any version below:

DSM 4.3-3827 or laterDSM 4.2-3243 or laterDSM 4.0-2259 or laterDSM 3.x or earlier is not affectedYou can manually download the latest version from our Download Center and install it at Control Panel > DSM Update > Manual DSM Update.If you notice any strange behavior or suspect your Synology NAS server has been affected by the above issue, please contact us at security@synology.com.

We sincerely apologize for any problems or inconvenience this issue has caused our users. We’ll keep you updated with the latest information as we continue to address this issue.Thank you for your continued patience and support.